EP24: The Danger of Malicious OAuth Apps in M365

			<div>
			<div>
			
			
			
			
			<div>
			
			
			
			
			<div><div></div></div>
		</div><div>
			
			
			
			
			<div><p>Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and grant them access to the M365 tenant, unknowingly creating a security issue that persists even after the affected user’s password has been changed!</p>   <p>In today’s episode, Andy and Paul Schnakenburg discuss the danger of malicious OAuth apps at length, covering the risk, what you can do about it, and what you need to look out for! Hope you enjoy!</p> <p> Timestamps:</p>  <p>(1:57) – What are malicious OAuth Applications?</p>   <p>(5:21) – Who can authorize OAuth Applications in an M365 tenant?</p>   <p>(8:25) – How are malicious OAuth Applications getting past Microsoft Review?</p>   <p>(14:56) – An example of how a malicious OAuth Application might function in an attack</p>   <p>(17:44) – Mitigation and prevention of malicious OAuth Application attacks</p>   <p>(25:35) – The M365 Essential Companion Guide eBook</p> <p> Episode Resources:</p> <p><a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview" rel="noreferrer" target="_blank">  M365 Publisher Verification</a></p> <p><a href="https://learn.microsoft.com/en-us/microsoft-365-app-certification/docs/attestation" rel="noreferrer" target="_blank">  M365 Publisher Attestation</a></p> <p><a href="https://learn.microsoft.com/en-us/microsoft-365-app-certification/docs/certification" rel="noreferrer" target="_blank"> M365 App Certification</a></p> <p><a href="https://learn.microsoft.com/en-us/microsoft-365-app-certification/docs/acat-overview" rel="noreferrer" target="_blank"> M365 ACAT Tool</a></p> <p><a href="https://www.hornetsecurity.com/en/m365-companion-guide-2023/?LP=Libsyn-Content-Podcast-EP24&amp;Cat=Content&amp;ALP=Podcast-EP24-Libsyn&amp;utm_source=Libsyn&amp;utm_medium=content&amp;utm_campaign=Podcast-EP24&amp;utm_content=podcast" 
rel="noreferrer" target="_blank"> Free eBook ‘Microsoft 365: The Essential Companion Guide’</a></p> <p> Find Andy on&nbsp;<a href="https://www.linkedin.com/in/asyrewicze/" rel="noreferrer" target="_blank">LinkedIn</a>,&nbsp;<a href="https://www.twitter.com/asyrewicze" rel="noreferrer" target="_blank">Twitter</a>&nbsp;or&nbsp;<a href="https://infosec.exchange/@andysandwich" rel="noreferrer" target="_blank">Mastodon</a></p> <p> Find Paul on&nbsp;<a href="https://www.linkedin.com/in/paulschnack/" rel="noreferrer" target="_blank">LinkedIn</a>&nbsp;or&nbsp;<a href="https://twitter.com/paulschnack?lang=en" rel="noreferrer" target="_blank">Twitter</a></p></div>
		</div><div>
			
			
			
			
			<div>
		</div>
			
			
		</div><p>The post <a href="https://www.hornetsecurity.com/en/podcast/malicious-oauth-apps-m365/" rel="noreferrer" target="_blank">EP24: The Danger of Malicious OAuth Apps in M365</a> first appeared on <a href="https://www.hornetsecurity.com/en/" rel="noreferrer" target="_blank">Hornetsecurity</a>.</p>

Article Link: https://www.hornetsecurity.com/en/podcast/malicious-oauth-apps-m365/